The present system relates to a secured transaction key that is secured by reference to part, but not all of, a user""s body part.
Credit card transaction fraud is an expensive problem. Prevention of such fraud requires making sure that the credit card is not stolen or used in an authorized way. Some credit cards, for example, put the user""s photograph on the credit card. It has also been suggested to use a fingerprint or a retinal scan for identification.
This problem becomes more difficult when carried out over the Internet. A stolen credit card can easily be used over the Internet since the person does not need to appear in person. There is no clerk to compare the person using the card to the photograph on the card.
Fingerprints have been suggested as an effective way of verifying a user""s identity. The central credit card validating company could include an image of the user""s fingerprint. Relatively inexpensive fingerprints scanners are available. The user inserts a specified finger into the fingerprint scanner, and the scan from the user""s finger would be sent along with the credit card information. This received fingerprint information would then be compared with fingerprint information within the database, prior to accepting the transaction.
Problems with fingerprint comparisons of this type include the difficulty of comparing an incoming fingerprint with a huge number of possibilities from which it could be compared and the bandwidth.
The science of fingerprints hence defines the fingerprints, nd segregate the fingerprints into distinct classes. The classes of patterns currently used includes loops, whorls, and arches. Approximately sixty-five percent of the patterns are loops, thirty percent are whorls and approximately five percent are arches. Fingerprints are typically described in symbolic representation of alphanumeric clusters that define what is observed in the print itself in the terms of the loops, whorls, and clusters. Positive and absolute identification on the Internet or in any remote location becomes a difficult problem. A perpetrator of Internet access fraud often is very clever about the way that they carry out the fraud. For example, these people often use sophisticated systems to intercept information, including persons"" passwords and personal access numbers. Therefore, if a user sends an image of his fingerprint, the hacker could intercept that image and later use the intercepted image to perpetrate a fraud.
In addition, sending an entire image is a bandwidth-intensive operation. This operation could take many minutes, which could cause unacceptable delays.
It is possible, of course, to encrypt the entire image. However, this would require even more mathematical sophistication to the system.
The present inventor recognized the desirability of using a constantly-changing personal access code on the Internet. Use of such a constantly-changing access code, of a type which is not able to be stored by a computer or calculated in any conventional manner, would be highly advantageous. In addition, the system should not be one which requires the user to memorize complicated information.
According to this system, a part of the user""s body is used as the constantly-changing personal access code. However, rather than using the entirety of the image of the part of the user""s body, this system selects only different portions of the image to send. The different portions of the image are calculated based on time and date stamps indicating when they are sent. Therefore, a hacker or unauthorized user who receives the information receives only a part of the information indicating the body part. No receiver gets enough information to reconstruct the entirety of the image. The unauthorized receiver therefore could not reuse the information at some later time, because that later time would have a different time stamp and would hence require different information.
Therefore, the unauthorized reception does the receiver virtually no good, since the unauthorized reception does not provide enough information to allow the receiver to reconstruct the information at some later time. It also does not give the receiver all the information about the fingerprint.
This system has another added advantage of allowing a reduction in the amount of information which is sent. This hence reduces the total needed bandwidth of the system, and reduces the amount of time that will be necessary for the operation.
In addition, the present system includes additional aspects, including an encryption key which adds further security to the system, and an additional aspect compensates for orientation of the fingerprint.
These and other aspects will now be described in detail with reference to the accompanying drawings, wherein: